ausearch and terminal
Daniel J Walsh
dwalsh at redhat.com
Mon Aug 3 11:42:12 UTC 2009
On 07/31/2009 08:55 AM, Vadym Chepkov wrote:
> I figured it out, apparently you have to add switch --input-logs, when you run it from cron. Don't ask me why, I am puzzled myself.
>
> Sincerely yours,
> Vadym Chepkov
>
>
> --- On Fri, 7/31/09, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
>> From: Daniel J Walsh <dwalsh at redhat.com>
>> Subject: Re: ausearch and terminal
>> To: "Vadym Chepkov" <chepkov at yahoo.com>
>> Cc: "Fedora SELinux" <fedora-selinux-list at redhat.com>
>> Date: Friday, July 31, 2009, 8:42 AM
>> On 07/30/2009 10:38 PM, Vadym Chepkov
>> wrote:
>>> Hi,
>>>
>>> I observe a very strange behavior of the ausearch
>> utility.
>>> audit-1.7.7-6.el5_3.3
>>>
>>> # cat /root/bin/autest.sh
>>> /sbin/ausearch -m avc| wc -l
>>>
>>> If I run it, I get expected results:
>>>
>>> # /root/bin/autest.sh
>>> 1563
>>>
>>> But if I run it from cron, I get this in e-mail:
>>>
>>> <no matches>
>>> 0
>>>
>>> Why??
>>>
>>> Sincerely yours,
>>> Vadym Chepkov
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>> Is cron being denied the ability to read the
>> audit.log? Look for an AVC.
>>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Steve Grubb can explain.
More information about the fedora-selinux-list
mailing list